Vulnerabilities > Ithemes

DATE CVE VULNERABILITY TITLE RISK
2019-08-28 CVE-2015-9372 Cross-site Scripting vulnerability in Ithemes Membership
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9371 Cross-site Scripting vulnerability in Ithemes Manual Purchases
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9370 Cross-site Scripting vulnerability in Ithemes Invoices
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9369 Cross-site Scripting vulnerability in Ithemes Easy US Sales Taxes
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9368 Cross-site Scripting vulnerability in Ithemes Easy EU Value Added (Vat) Taxes
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9367 Cross-site Scripting vulnerability in Ithemes Easy Canadian Sales Taxes
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9366 Cross-site Scripting vulnerability in Ithemes Custom URL Tracking
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9365 Cross-site Scripting vulnerability in Ithemes Authorize.Net
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9363 Cross-site Scripting vulnerability in Ithemes Exchange
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2018-06-22 CVE-2018-12636 SQL Injection vulnerability in Ithemes Security
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
network
low complexity
ithemes CWE-89
7.2